What is Single Sign-on?
Single sign-on (SSO) is an authentication solution that allows users to log in to multiple applications and websites with a single user authentication.
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) serves as an additional safeguard against cyber threats such as phishing attacks and unauthorized account takeovers. This security feature validates your identity by using two distinct "factors" of authentication during the login process. Factors fall into the following categories:
- Something you know (such as a password)
- Something you have (such as a phone or other device)
- Something you are (such as a fingerprint or other biometric method)
What does this mean for you?
To enhance account security and protect sensitive customer data, we're introducing changes to how we display customer personally identifiable information (PII). This change will involve masking parts of customer data and changing what customer information is accessible to employees who choose not to use MFA.
All users will be required to set up an Azure Multi-Factor Authentication account. To do this, the user will first need to select the MFA option they prefer to use: either an MFA authenticator app or a code sent directly to their mobile device via SMS text message.
We have established the following procedure to simplify access to the point-of-sale system and minimize the need for frequent multi-factor authentication (MFA) by cashiers:
When using the Heartland Retail app, the Point of Sale page will not require the user to verify their identity through multi-factor authentication. Simply put, the user will not need to complete MFA to process a transaction. Because this feature is still being developed, we do not have any screenshots to share. We will update the guide as soon as we have more information, so please stay tuned.
With this change implemented, we will direct users to the Point of Sale Screen upon logging in to the Point of Sale. If users wish to access the sales dashboard or any other back office pages, they will be prompted to complete authentication via MFA.
What if I don’t want to use MFA? What will be available to me?
To simplify the process, we have identified what features will be available to users who choose not to use Multi-Factor Authentication. These features reside within the Point of Sale Screen and are listed below:
- Process Transactions
- Gift Cards
- Tax adjustment
- Find Item
- Quick Buttons
- Quick Actions
- The ability to Find tickets
- Create a New ticket
- Create a layaway
- Assign Sales Rep
- Select Customers
- Manage the drawer
- Close the Drawer
- Cash Paid In/Out
- Daily Summary
- Hardware Settings
When accessing the Heartland Retail app's back office components, such as Sales Orders, Purchase Orders, Dashboard, or any additional dropdown menus, you will be required to complete multi-factor authentication (MFA).
Once you have completed the MFA process, you will have full, unrestricted access to the POS based on the role permissions assigned to you.
Below are the steps to set up MFA and validate your email:
To facilitate this change, we have divided the project into two phases. The first phase is Email Verification, where we ask our end users to confirm and verify that their email address is correct. The second phase is selecting and setting up an MFA method in order to receive an MFA code to access the back office functionality of the Heartland Retail app.
HOW TO VALIDATE YOUR EMAIL:
Users will now be required to add a valid email address to their “My Account” page, as shown below:
On the “My Account” page, users will need to update their email address as shown in the screen below:
Upon entering your email address, press Save.
Please note: You must have CURRENT access to this email address to verify your account.
Within the next month, a screen will appear with a notification prompting you to verify your account when you first log in to the Heartland Retail App. See a sample below:
Within the validation screen, you will have the ability to review your email address. If the displayed email is accurate, select "Send Verification." This action will initiate the Verification Email to the specified email address. If the email is incorrect, please select “Update Email” and enter the correct email address.
The verification email will come from a no-reply Heartland domain. See a sample of the email below:
This email contains a link that you must click to confirm your email address. Upon clicking on this link, you will be redirected to a page confirming that you have successfully verified your email address. A toast message will also appear on the POS confirming that you have verified your email address.
Upon verification of your email address, you can use MFA in multiple ways, including email, text message, and/or the authenticator app. However, the first email verification MUST be completed via email authentication.
IMPORTANT: You must update your account with a verified email address before May 14, 2024, to continue accessing your account. After this date, you will be unable to access Heartland Retail until you have completed the Email Verification Process.
Frequently Asked Questions:
Please be aware that sharing accounts is no longer possible due to the recent security enhancement. Logging in now requires a valid email address instead of the user ID. The use of user IDs for login has been discontinued. Consequently, all users must possess a distinct user account with a verified email address to continue accessing the Point of Sale.
To help address common questions, we have compiled a list of frequently asked questions. As always, if you have an additional question not addressed in the document below, please contact Heartland Retail Support at 833-844-4767.
- Does the email address associated with “My Account” need to be a corporate or private email address?
Great question! It doesn’t matter what type of email you use. The important thing is that you have direct access to it to verify your account.
- Why do we no longer allow shared users?
Heartland Retail does not charge “per-user”; therefore, with the new additions of MFA/SSO, we want to ensure complete privacy and security for each user. By removing shared accounts, we can ensure that each user is protected and secure from malicious actions.
- Why did you choose to do MFA/SSO?
Heartland takes your security seriously, and MFA/SSO is another opportunity to protect your data and information with today's best standards. Also, PCI-DSS requires MFA to be implemented in certain situations to prevent unauthorized users from accessing systems. MFA compliance ensures that it remains virtually non-intrusive.
- What are some benefits of using Multi-Factor Authentication?
There are numerous benefits to using MFA. However, the first benefit is the security enhancements. Because users now need to verify their identity via email, a hacker can’t gain access to your point of sale, even if they do manage to steal an employee’s password.
Secondly, with MFA/SSO, users can ensure their data is always protected. No other users should have access to their accounts. In turn, they can rest assured that if someone is trying to log in under their user account, they will be blocked from accessing the account entirely without the second layer of authentication.
- Will each employee be required to have their own user and email?
Please be aware that sharing accounts is no longer possible due to the recent security enhancement. Logging in now requires a valid email address instead of the user ID. The use of user IDs to log in will be discontinued. Consequently, all users must possess a distinct user account with a verified email address to continue accessing the Point of Sale.
Again, we know this change may take time, and we are here to assist you every step of the way. Should you have any further questions or concerns, please feel free to reach out to Heartland Support at 833-844-4767, Option 1, followed by Option 2, or by email at hretailsupport@heartland.us.
Thank you for choosing Heartland Retail! We appreciate you and your business!